cyberlandji/README.md
Cyberlandji

Hey, I'm Yohan 👋

Blue Team Practitioner | Detection Engineering · SOC Operations

ISC2 CC Security+ CASA


I design, build, and validate detection systems — from architecture to alert.

Most of my work is hands-on: I build lab environments, write detection rules from real-world traffic, and document everything — including failures. My focus is understanding how attacks actually look in network data and how to detect them before the attacker gains a foothold.


๐Ÿ› ๏ธ Tools & Technologies

Suricata Graylog Wireshark Snort Kali Linux Linux Apache rsyslog MITRE ATT&CK draw.io


🔬 Operation PCAP Autopsy — Detection Rule Development & Network Forensics

PCAP-based investigation series. Each operation analyzes real-world malware traffic, reconstructs the attack chain, and produces validated Suricata detection rules.

| Operation | Title | Malware Family | Rules | Status |
|---|---|---|---|---|
| PA-01 | You Dirty Rat! | STRRAT | 3 Suricata | ✅ Complete |
| PA-02 | Lumma in the Room-ah | Lumma Stealer | 13 Suricata | ✅ Complete |
| PA-03 | The Ghost in the Wire | GhostWeaver RAT | 16 Suricata + 3 Sigma | ✅ Complete |

32 Suricata rules validated across 3 operations. 3 Sigma rules identified and deferred to Operation Prism Box.


๐Ÿ—๏ธ Operation Iron Watch โ€” SOC Architecture & Detection Labs

A three-part SOC lab series. Each operation builds on the last: from manual detection to SIEM to full DMZ architecture with proactive defense.

| Operation | Focus | Status |
|---|---|---|
| IW01 | Foundational SOC — Snort IDS, manual correlation | ✅ Complete |
| IW02 | Graylog SIEM — web enumeration detection, SSH compromise invisible | ✅ Complete |
| IW03 | DMZ hardening, full log pipeline, DDoS Detection Suite | ✅ Complete |

🔮 Operation Prism Box — SIEM + EDR + Detection Correlation (Coming Soon)

Elastic Stack SIEM + Suricata IDS/IPS + Elastic Defend EDR + Atomic Red Team + Shuffle SOAR. Proactive detection methodology — writing Sigma + Suricata rules from simulated attack scenarios with cross-telemetry correlation.

| Phase | Focus | Status |
|---|---|---|
| PB-01 | Elastic Stack install + EDR implementation | 🔜 Planned |
| PB-02 | Atomic Red Team attack scenarios, Sigma + Suricata rule development | 🔜 Planned |
| PB-03 | Hardening, full detection suite, Shuffle SOAR + playbook automation | 🔜 Planned |

🔗 Links

Portfolio · LinkedIn · GitHub



Pinned repositories

  1. operation-iron-watch-03 (Public)

     Iron Watch 03 continues where prevention failed — focusing on post-compromise detection, investigation, and hardening.

  2. operation-pcap-autopsy (Public)

     Detection rules written, validated, and documented from real-world malicious network traffic. Each operation takes a PCAP containing actual malware activity, reconstructs the attack chain, and prod…